Lucene search

IbmCVE-2014-6153

HistoryDec 24, 2014 - 11:59 a.m.

CVE-2014-6153

2014-12-2411:59:02

CWE-310

ibm

web.nvd.nist.gov

ibm

wsrr

websphere

service registry

repository

insecure cookie

vulnerability

cve-2014-6153

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.003

Percentile

71.4%

JSON

The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Affected configurations

Nvd

Node

ibmwebsphere_service_registry_and_repositoryMatch6.3.0

ibmwebsphere_service_registry_and_repositoryMatch6.3.0.1

ibmwebsphere_service_registry_and_repositoryMatch6.3.0.2

ibmwebsphere_service_registry_and_repositoryMatch6.3.0.3

ibmwebsphere_service_registry_and_repositoryMatch6.3.0.4

ibmwebsphere_service_registry_and_repositoryMatch6.3.0.5

ibmwebsphere_service_registry_and_repositoryMatch7.0.0

ibmwebsphere_service_registry_and_repositoryMatch7.0.0.1

ibmwebsphere_service_registry_and_repositoryMatch7.0.0.2

ibmwebsphere_service_registry_and_repositoryMatch7.0.0.3

ibmwebsphere_service_registry_and_repositoryMatch7.0.0.4

ibmwebsphere_service_registry_and_repositoryMatch7.0.0.5

ibmwebsphere_service_registry_and_repositoryMatch7.5.0.0

ibmwebsphere_service_registry_and_repositoryMatch7.5.0.1

ibmwebsphere_service_registry_and_repositoryMatch7.5.0.2

ibmwebsphere_service_registry_and_repositoryMatch7.5.0.3

ibmwebsphere_service_registry_and_repositoryMatch7.5.0.4

ibmwebsphere_service_registry_and_repositoryMatch8.0

ibmwebsphere_service_registry_and_repositoryMatch8.0.0.1

ibmwebsphere_service_registry_and_repositoryMatch8.0.0.2

ibmwebsphere_service_registry_and_repositoryMatch8.5

VendorProductVersionCPE
ibmwebsphere_service_registry_and_repository6.3.0cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository6.3.0.1cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.1:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository6.3.0.2cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.2:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository6.3.0.3cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.3:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository6.3.0.4cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.4:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository6.3.0.5cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.5:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository7.0.0cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository7.0.0.1cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository7.0.0.2cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.2:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository7.0.0.3cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_service_registry_and_repository	6.3.0	cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0:::::::*
ibm	websphere_service_registry_and_repository	6.3.0.1	cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.1:::::::*
ibm	websphere_service_registry_and_repository	6.3.0.2	cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.2:::::::*
ibm	websphere_service_registry_and_repository	6.3.0.3	cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.3:::::::*
ibm	websphere_service_registry_and_repository	6.3.0.4	cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.4:::::::*
ibm	websphere_service_registry_and_repository	6.3.0.5	cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.5:::::::*
ibm	websphere_service_registry_and_repository	7.0.0	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0:::::::*
ibm	websphere_service_registry_and_repository	7.0.0.1	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.1:::::::*
ibm	websphere_service_registry_and_repository	7.0.0.2	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.2:::::::*
ibm	websphere_service_registry_and_repository	7.0.0.3	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.3:::::::*

Rows per page:

1-10 of 211

References

www-01.ibm.com/support/docview.wss?uid=swg1IV64010

www.ibm.com/support/docview.wss?uid=swg21693379

www.ibm.com/support/docview.wss?uid=swg21693381

www.ibm.com/support/docview.wss?uid=swg21693384

www.ibm.com/support/docview.wss?uid=swg21693387

www.ibm.com/support/docview.wss?uid=swg21693389

exchange.xforce.ibmcloud.com/vulnerabilities/97622

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.003

Percentile

71.4%

JSON

Related for CVE-2014-6153